The Reason Business Doesn’t Take InfoSec Seriously

I saw a thread recently where someone was complaining about Dave Kennedy making a hilarious inside joke on CNN without any of the participants knowing. Evidently people on Twitter said this is why InfoSec isn’t taken seriously.

Then someone else showed up with this reply, which prompted my response.

The reason infosec is not taken seriously is because we can’t map risk to money.